SonicWALL NetExtender - Client Install?

NetExtender is neither thin nor browser-based. It cannot be deployed without administrator privileges and it cannot be deployed via GPO, because it requires installation of an unsigned network driver:

[Image: Unsigned driver warning]

Personally, I find it a bit disturbing that a security vendor would see fit to sell a product that requires training users to ignore bright red security warnings.

You may be able to get around this by disabling driver signing, but I have not tested this approach. Allowing unsigned drivers on a domain-wide basis really isn't an appropriate fix for a single vendor's broken product.

Comparing hype vs. reality:

What SonicWall says on their marketing web site about installing NetExtender:

NetExtender is not a fat client. It pushes a thin client transparently onto the client's desktop or laptop and installs it automatically to facilitate this broader level of access.

What SonicWall says on their support web site about installing NetExtender (abridged):

To initially install the NetExtender client, the user must be logged in to the PC with administrative privileges. Downloading and running scripted ActiveX files must be enabled on Internet Explorer. It is recommended that you add the URL or domain name of your SSL-VPN server to Internet Explorer's trusted sites list. This will simplify the process of installing NetExtender and logging in, by reducing the number of security warnings you will receive.

In my opinion, "transparently" is not the right word for this procedure.

Author: JArmani

Updated on September 18, 2022
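
A pre-deployment check for the unsigned-driver problem described in the answer above, as an added example that is not part of the original thread or of SonicWall's tooling: it reads each INF in an unpacked driver package, finds the catalog the INF declares, and reports that catalog's Authenticode status. `$PackagePath` is a placeholder for wherever the package has been extracted; the script assumes nothing about NetExtender's actual file layout.

```powershell
# Added example: audit an extracted driver package before staging it for GPO
# or software-distribution deployment.
# $PackagePath is a placeholder; point it at the folder with the .inf/.cat/.sys files.
param(
    [Parameter(Mandatory)]
    [string]$PackagePath
)

$results = foreach ($inf in Get-ChildItem -LiteralPath $PackagePath -Filter *.inf -Recurse -File) {
    # An INF names its signed catalog with CatalogFile or CatalogFile.<platform>.
    $pattern  = '^\s*CatalogFile(\.\w+)?\s*=\s*"?([^";]+?)"?\s*(;.*)?$'
    $catNames = Select-String -LiteralPath $inf.FullName -Pattern $pattern |
        ForEach-Object { $_.Matches[0].Groups[2].Value.Trim() } |
        Sort-Object -Unique

    if (-not $catNames) {
        # No catalog declared: Windows will treat the driver as unsigned.
        [pscustomobject]@{ Inf = $inf.Name; Catalog = '(none declared)'; Status = 'NotSigned'; Signer = $null }
        continue
    }
    foreach ($name in $catNames) {
        $catPath = Join-Path $inf.DirectoryName $name
        if (-not (Test-Path -LiteralPath $catPath)) {
            [pscustomobject]@{ Inf = $inf.Name; Catalog = $name; Status = 'CatalogMissing'; Signer = $null }
            continue
        }
        # 'Valid' means the signature verifies and chains to a root trusted on
        # THIS machine; run the check on a host with the same trust store as the targets.
        $sig = Get-AuthenticodeSignature -LiteralPath $catPath
        [pscustomobject]@{
            Inf     = $inf.Name
            Catalog = $name
            Status  = [string]$sig.Status
            Signer  = $sig.SignerCertificate.Subject
        }
    }
}

if (-not $results) {
    Write-Error "No .inf files found under $PackagePath"
    exit 2
}

$results | Format-Table -AutoSize

# A non-zero exit lets a packaging pipeline refuse to publish the package.
if (@($results | Where-Object Status -ne 'Valid').Count) { exit 1 }
```

Any row whose status is not `Valid` marks a package that will raise the driver-signing prompt on install, so it can be rejected or escalated to the vendor instead of loosening driver-signing policy.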

Comments

  • JArmani
    JArmani over 1 year

    We are about to push out a new VPN solution for our organization. One of the beautiful things we saw in SonicWALL's SSL-VPN was the thin, browser-based solution of NetExtender.

    Does anybody have experience with this? My specific concern is that, at least in Windows 7 during testing, it prompts for admin credentials to install the ActiveX NetExtender plugin, which is standard for installing anything in a Windows domain environment. But doesn't this mean I actually have to go in and install the client on all domain laptops that will be using the VPN in the field? They wouldn't actually be able to simply visit the site and run the client, as advertised? By the way, we're using the SonicWALL NSA 3500 device.

    We do have ManageEngine's Desktop Central, which can push out software installations, but it usually has to be in the form of a .MSI package.

    Is there any solution to this, besides hitting up all my organization's computers?

    • Hecter
      Hecter over 11 years
      NetExtender is shockingly messy. One problem that comes up often is that newer versions of the NetExtender client are not backward-compatible with older versions of SonicOS. Consequently, someone who connects via NetExtender to different firewalls at different offices may need to uninstall and reinstall NetExtender each time the target firewall changes. Mac support exists but is extremely buggy.
  • Hecter
    Hecter over 11 years
    So far as I know, it is not possible to deploy the NetExtender MSI package via GPO because it requires installation of an unsigned driver.
  • JArmani
    JArmani over 11 years
    It would be nice to have clarification on whether a GPO would work; now I see two differing opinions. Miles' response makes more sense... and the other guy's name is "GPOsRUle". Haha.
  • JArmani
    JArmani over 11 years
    I see. Thanks for making the time for a response. That makes sense about the driver, too. Unfortunately.
  • JArmani
    JArmani over 11 years
    You mentioned an MSI package, however. Where do you find the MSI installer? In testing, I've only tried launching NetExtender from the portal via a browser.
  • JArmani
    JArmani over 11 years
    So have you had to push this out to domain computers? Did you have to install as admin, one-by-one, or do you grant the domain users admin rights on their own laptops or something?
  • Hecter
    Hecter over 11 years
    @JArmani Yep. One or the other.
  • JArmani
    JArmani over 11 years
    Ok, well at least I have a grasp on my options now. Thanks so much!